package org.dy.db.util;

import java.util.Locale;
import java.util.StringTokenizer;

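/**
 * Crude SQL-keyword blacklist filter.
 *
 * <p><b>Security note:</b> this class is NOT a defense against SQL injection and must not be
 * relied on as one. It does plain substring matching against a short, fixed word list, so it
 * is bypassed by anything the list does not name (the list below contains no {@code union},
 * {@code insert}, {@code drop}, {@code ;} or comment sequences such as {@code --}), and it
 * rejects harmless input that merely contains a listed fragment ("or" matches "world",
 * "order", "author"; "sum" matches "summary"; "count" matches "account"). Build statements
 * with {@code PreparedStatement} and bind every value as a parameter; at most treat this
 * class as a coarse, advisory pre-filter for logging or rate-limiting.
 */
public final class SQLChecker {

	/**
	 * Pipe-separated blacklist. Kept byte-for-byte as in the original except for a duplicated
	 * "count" entry, which was dropped (no effect on results), so existing callers observe the
	 * same accept/reject decisions.
	 */
	private static final String BAD_WORDS = "select|update|delete|count|*|sum"
			+ "|master|script|'|declare|or|execute|alter|statement"
			+ "|executeQuery|executeUpdate";

	/**
	 * The blacklist tokenised once at class-load time instead of on every call.
	 * The tokens are lower-cased here because the input is lower-cased before matching: in
	 * the original the mixed-case entries "executeQuery"/"executeUpdate" could never match as
	 * written and were only caught through the "execute" prefix. Lower-casing the list makes
	 * the comparison consistent without changing any result.
	 */
	private static final String[] BAD_WORD_TOKENS = lowerCaseAll(split(BAD_WORDS, "|"));

	/** Utility class; not instantiable. */
	private SQLChecker() {
	}

	/**
	 * Reports whether {@code str} contains any blacklisted fragment, case-insensitively.
	 *
	 * <p>Matching is substring-based ({@code contains}), not token-based, so see the class
	 * comment for the false-positive / false-negative caveats. A {@code null} input is
	 * treated as "nothing to check" and yields {@code false}, i.e. it is NOT rejected.
	 *
	 * @param str the text to screen; may be {@code null}
	 * @return {@code true} if any blacklisted fragment occurs in {@code str}
	 */
	public static boolean isBadWords(String str) {
		if (str == null) {
			return false;
		}
		// Locale.ROOT: the default locale's case rules (e.g. Turkish dotless i) would make
		// "SCRIPT" lower-case to something that no longer matches the ASCII list entry.
		String needle = str.toLowerCase(Locale.ROOT);
		for (String bad : BAD_WORD_TOKENS) {
			if (needle.contains(bad)) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Splits {@code str} on any character in {@code sign} using {@link StringTokenizer}
	 * semantics: runs of delimiters collapse, empty tokens are dropped, and each token is
	 * trimmed of surrounding whitespace.
	 *
	 * @param str  the text to split; must not be {@code null}
	 * @param sign the delimiter character set (every character is a delimiter)
	 * @return the non-empty, trimmed tokens in order
	 * @throws NullPointerException if {@code str} is {@code null}
	 */
	public static String[] split(String str, String sign) {
		StringTokenizer tokenizer = new StringTokenizer(str, sign);
		String[] tokens = new String[tokenizer.countTokens()];
		int index = 0;
		while (tokenizer.hasMoreTokens()) {
			tokens[index++] = tokenizer.nextToken().trim();
		}
		return tokens;
	}

	/** Returns a new array with every element lower-cased using locale-independent rules. */
	private static String[] lowerCaseAll(String[] words) {
		String[] lowered = new String[words.length];
		for (int i = 0; i < words.length; i++) {
			lowered[i] = words[i].toLowerCase(Locale.ROOT);
		}
		return lowered;
	}

	/** Tiny manual demo; not a test. */
	public static void main(String[] args) {
		String query = "name";
		if (isBadWords(query)) {
			System.out.println("Illegal String");
		} else {
			System.out.println("Ok");
		}
	}
}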
